View previous topic :: View next topic |
Author |
Message |
snail Just Arrived
Joined: 19 Apr 2002 Posts: 0
|
Posted: Sat Apr 20, 2002 5:55 pm Post subject: [INFO] Linux Firewalling/Router/Gateway - Firewall Distros |
|
|
http://netfilter.samba.org ...
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Mon Apr 29, 2002 2:51 am Post subject: |
|
|
Some entries:
Astaro - Pretty heavyweight excellent feature set, needs some good hardware though.
Linux Router Project Floppy style
Astaro Clone?
Moved from another thread.
Contributed by BRasCO and maxpower.
Last edited by ShaolinTiger on Fri Oct 03, 2003 1:13 pm; edited 1 time in total |
|
Back to top |
|
|
ReD Just Arrived
Joined: 03 May 2002 Posts: 0
|
Posted: Fri May 03, 2002 4:41 pm Post subject: Nice little list you have going there .... |
|
|
Hi .... I'm chris btw, I was just browsing around and ran accross yer board here ... thought I might add a little ... so here I am
anyway, I have been testing all the above mentioned firewall solutions (cept for igwall which I just downloaded and am burning as we speak) and I agree with most of what was said here. I'll cut and paste what I've said elsewhere about those solutions and a few others
Astaro
Astaro - Love it, Needs a bit more horsepower and newer equipment than most firewall distros but you simply can't beat the ease of administration once it set up and running. The install is relatively easy but figuring everything out in the web interface does take just a bit of a learning curve. Overall a very good product.
ClarkConnect
Clarkconnect - Excellent Piece of work here. Great for those with a little bit of knowledge and it has nice features such as automatic updates of their own DYNDNS system apache and MySQL are installed. It can be used on an older box. It has samba installed for network shared space of multiple OS's. It has VPN capabilities.
E-smith
E-smith Server and Gateway - Another GREAT choice. I really like the way this particular distro handles user accounts and builds email addresses for them and integrates shared user space. One thing I didn't like was that it was trying to gain control over my network and it did cause a few issues ... otherwise a very solid choice.
Engarde
Engarde - Worthless piece of proprietary crap
Immunix OS
Immunix OS - Never did get it to run properly
IPCop
IP Cop Firewall - Direct knock off of Smoothwall (see smoothwall)
Netule
Netule - Direct knock off of Astaro
Smoothwall
Smoothwall - Excellent "beginner" firewall solution. Installation is a breeze even with older equipment. It runs very solid and has a great basic amount of features. Ideal for the Home user with high speed data access.
These opinions are strictly my own and not meant as an argument to comments made earlier , just another opinion.
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Tue Aug 13, 2002 8:34 pm Post subject: |
|
|
Ok I've had a few requests to add the Floppy type firewalls, here goes:
ClosedBSD
http://www.closedbsd.org/index.html
ClosedBSD is a firewall and network address translation utility which boots off of a single floppy disk or CDROM, and requires no hard drive. ClosedBSD is based off of the FreeBSD kernel, and uses ipfw as its native ruleset management system, and natd as it's network address translation utility.
FloppyFW
http://www.zelow.no/floppyfw/
floppyfw is a static router with the firewall-capabilities in Linux.
Although it is called a firewall it does not have all the functionality we are expecting from a firewall of today. It is basically a Screening router or Packet filtering firewall. (Although many firewalls sold today are just this.)
Freesco
http://www.freesco.org
FREESCO (stands for FREE ciSCO) is a free replacement for commercial routers supporting up to 3 ethernet/arcnet/token_ring/arlan network cards and up to 2 modems.
TheWall
http://thewall.sourceforge.net/
TheWall is a collection of PicoBSD configuration trees and prebuild binaries for various platforms that provides NAT and firewall services for a small network. The goal of theWall project is to allow a user to get going quickly without having to learn the details of building a PicoBSD release.
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Mon Sep 09, 2002 4:16 pm Post subject: |
|
|
I've another one too add on the floppy front:
Linux Embedded Appliance Firewall
An easy to use embedded Linux network appliance for use in small office, home office, and home automation environments. Although it can be used in other ways, it's primarily used as a gateway/router/firewall for Internet leaf sites.
http://leaf.sourceforge.net
Out of interest has anyone used any of these with a dial-on-demand type connection?
I need to do it with ISDN, any recommendations for best compatibility (External ISDN adapter).
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Fri Oct 03, 2003 1:09 pm Post subject: |
|
|
As a replacement for LRP using a combination of LRP and Coyote there is also now Frazierwall:
http://www.frazierwall.com/
Quote: |
FrazierWall Linux - I developed FrazierWall Linux originally as my own customized firewall. It was originally based on the Linux Router Project and Coyote Linux 1.03. However, as I continued to modify and develop the product, it began to take on a life of its own as a separate distribution of Linux. My goal was to create a preconfigured router/firewall already built to provide DHCP and time services to any home or small business LAN.
Unlike the base LRP 2.9.8, FrazierWall Linux uses a Linux 2.2.18 kernel and has extensive customizations to make it more end user friendly. This firewall is designed to use Linux 2.2's IP Masquerading (NAT Routing). I have preconfigured a set of firewall rules that should further enhance the security of the product. I went to great effort to test and even attempt to break the security myself. It has been tested extensively in the open environment by real users and real hacker tools. Special credit goes to my friends on Cox High Speed Internet, a cablemodem service. |
This thread hasn't been updated for a long time so if anyone else has any new firewall/gateway/router type distros that have not been mentioned here please post them (no comments or general chat please.)
|
|
Back to top |
|
|
z0ulsh1ne Just Arrived
Joined: 03 Jul 2003 Posts: 0
|
Posted: Mon Nov 03, 2003 12:49 am Post subject: |
|
|
-> http://www.fli4l.de/english/e_fli4l.htm
Fli4l is a single floppy Linux-based ISDN, DSL and Ethernet-Router. You can build it from an old 486 based pc with 16 megabyte memory, which is more than adequate for this purpose.
The necessary boot-disk can be built under Unix, Linux or Windows. You don't need any specific Linux-knowledge, but this would be useful. You should have some basic knowledge about networking, TCP/IP, DNS and routing though. For extensions and further development, that exceed the standard configuration, you need a working Linux-system and Unix/Linux knowledge.
|
|
Back to top |
|
|
biox Just Arrived
Joined: 08 Jan 2004 Posts: 0
|
|
Back to top |
|
|
rgachago Just Arrived
Joined: 26 Sep 2003 Posts: 0 Location: Gaborone
|
|
Back to top |
|
|
forza Just Arrived
Joined: 26 Nov 2004 Posts: 0
|
|
Back to top |
|
|
wybnormal Just Arrived
Joined: 26 Feb 2005 Posts: 0 Location: California
|
Posted: Sun Feb 27, 2005 5:46 am Post subject: |
|
|
m0n0wall Ten minutes to configure the WRAP board and get it loaded
MikeS
|
|
Back to top |
|
|
Grullanetx Just Arrived
Joined: 27 Sep 2004 Posts: 0 Location: The Beach! in Venezuela
|
Posted: Thu Mar 10, 2005 10:08 am Post subject: |
|
|
Hi all!...
NetBoz Firewall
http://www.netboz.net/
Quote: |
NetBoz works over standard FreeBSD services, giving maximum flexibility, ease of use and performance to corporate networks. Do you need more power? just add hardware. No user licences to pay for, no costly upgrades, no brand dependance.
NetBoz is a live CD. It does not use a hard disk, while all the settings are stored on a write-protectable diskette, making it virtually inmune to intrusions and power failures
Main Features
Web administration interface
Does not use a hard disk
Works with 2 or 3 network interfaces
NAT for publishing LAN or DMZ services
DNS server
DHCP server
DHCP client on WAN interface
PPPoE support (new!)
Real time traffic monitoring
Unlimited users
It's free !
|
Linux Netwosix
Quote: |
Netwosix is a powerful and optimized Linux distribution for servers and Network Security related jobs. It can be also used for special operations as penetration test with its big collection of softwares and sources security oriented. It's a ligh distribution created for the requirements of every SysAdmin and it's very portable and highly configurable. Our philosophy is to give a big liberty of configuration to the SysAdmin. Only in this way he/she can configure a powerful and stable server machine. Linux Netwosix have also a powerful ports system (Nepote) similar to the xBSD systems but more flexible and usable
|
http://www.netwosix.org/
Sentry Firewall
http://www.sentryfirewall.com/
redWall Firewall CD
redWall is a bootable CD-ROM Firewall with Snort, snortsam, dansguardian and support for fwbuilder, spamassassin, reporting (using ACID/sarg/ntop/webfwlog), VPN (FreeSWan/PoPToP/Openvpn) and mail alerting (by mail). Configs are stored on a Floppy or USB
http://sourceforge.net/projects/redwall/
CD-ROM Firewall
Quote: |
CD-ROM Firewall is a Red Hat/FEDORA based firewall that boots off a CD-ROM. Utilizing a headless, diskless computer it can provide services such as network address translation (NAT), virtual private network (VPN), ADSL connnectivity, DHCP, DNS, and many |
http://sourceforge.net/projects/cdfw/
NetBSD/i386 Firewall
Quote: |
NetBSD/i386 Firewall is a free firewall solution for people with a permanent Internet connection. This includes most users of cable or ADSL services, but also businesses with leased lines. PPPoE support and PPTP support is available on CD.
|
http://firewall.dubbele.com/
--------------------------------------------------------------------------------------
|
|
Back to top |
|
|
Terry88 Just Arrived
Joined: 18 Aug 2009 Posts: 0
|
Posted: Mon Aug 31, 2009 7:51 am Post subject: another great Firewall |
|
|
i'd like to add something too
i can recomment
Ideco Gateway
www.idecogateway.com
vpn,firewall, mail server and more
based on linux red hat
been running it for some time now on my small netwaork and planning to take it our main newwork of arounf 150 workstations
btw i got it for free from ideco
|
|
Back to top |
|
|
adamjoh Just Arrived
Joined: 15 Oct 2012 Posts: 1
|
Posted: Mon Oct 15, 2012 11:31 pm Post subject: Most innovative and best in class firewall so far |
|
|
Here is my contribution, real nice firewall and router, best of all it's free. Based on OpenBSD and just recently was reviewed in BSD Magazine, that's we're read about it.
Halon Security Security Routers (SR): http://www.halon.se/products/firewalls
They got free downloads and great wiki: http://wiki.halon.se
Here is a comparison to some other free: http://wiki.halon.se/SR/Comparison
Some nice features:
VPN
Manual key IPsec
IKE (ISAKMP) for automatic keying IPsec
IKEv2 with mobile support (MOBIKE)
L2TP and PPTP
GRE, IPIP (RFC 1933) and Ethernet (RFC 3378) tunnels
High availability using SA synchronization
Routing
Equal-cost multi-path routing
VRFs using routing domains
OSPFv2 and OSPFv3 (IPv6)
BGP with support for VPNs using extended communities and TCP MD5
LDP for MPLS (provider edge)
Multicast and DVMRP
Ethernet
PPPoE client
Bridges with RSTP
VLANs (802.1q)
QinQ VLAN s (802.1ad)
Trunking and link aggregation with LACP
Other
DHCP server, client and relay
DHCPv6 server, client and relay
IPv6 router advertisement and solicitation
Management
Hierarchical human-readable configuration file format
Atomic configuration commit (no reboot requirement, ever)
Full SOAP API
Test configurations during specified time (always reverts perfectly)
Revision-based configuration, with message, user, timestamp and diffing
Support for clustering
Full IPv6 support, even for online software updating
Root access option
Clustering
Optional zero-config clustering using dedicated cluster port
Active/passive and active/active high availability
CARP (address redundancy)
Configuration, firewall, IPsec and DHCP synchronization
Firewall
Stateful packet filtering
Policy-based rulesets with packet tagging
Quality of service with hierarchical queueing
Alterations such as NAT, redirects and policy routing in-line with rules
NetFlow export
Load balancing and internet failover
Layer 3 forwarding with many probe conditions
Layer 7 proxy with SSL acceleration support
Route alternation
|
|
Back to top |
|
|
|